Does your car know more about you than your cell phone?

Technological advances have transformed modern automobiles into true smartphones on wheels. Equipped with GPS, internal and external cameras, voice commands and real-time telemetry systems, smart vehicles collect a massive volume of personal data daily. However, most Brazilian drivers still do not realize that their routine is being monitored every kilometer driven.

The theme raises a red alert about privacy and digital security. To understand the legal limits of this collection and the impact of the General Data Protection Law (LGPD) on the automotive sector, we spoke with criminal and digital lawyer, Lourival Tenório de Albuquerque.

Continue lendo

27/05/2026

One of the most violent thieves in the city of São Paulo is arrested; see video

A 23-year-old man, considered by the police to be one of the most violent thieves in the city of São Paulo, was arrest...

27/05/2026

Djokovic advances at Roland Garros after scare against Frenchman

Serbian Novak Djokovic advanced this Wednesday to the third round of the French Open by beating Frenchman Valentin Roy...

27/05/2026

Federal Government signs service order for "middle section" on BR-319

The federal government signed today the first of four service orders for asphalting and recovery of the so-called "mid...

The illusion of consent on the dashboard
When starting a connected car for the first time or pairing systems like Android Auto and Apple CarPlay, the user is bombarded with complex privacy terms. In practice, however, consumer freedom of choice is almost nil.

"What we see in practice is a sequence of screens with long texts, in reduced font, written in technical-legal language, which the driver needs to accept to have access to the vehicle's basic functionalities. There is no real option to refuse without significant loss of functions. There is an acceptance click, but materially there is no free or specific consent. Brazilian law considers consent obtained through generic forms to be null and void", explains Albuquerque.

Invisible monetization and the risk of commercial profiling
Unlike the North American market, in which automakers were caught selling driving data to secretly inflate insurance policies, the risk in Brazil emerges in a more subtle way, through voluntarily accepted telemetry insurance programs (such as Toyota Conecta) or through opaque sharing between companies in the same economic group as the automaker.

Top Cifras

Toque agora.

1 C Quest ce Que Ça Peut Ben Faire - Eric Lapointe

2 Graça Soberana Me Tocou Reformed Sound

3 Chega Zezé Di Camargo & Luciano

4 Sem Saber Pique Novo

The big legal problem arises when the vehicle uses this data for advertising purposes without express authorization, configuring a clear misuse of purpose.

According to the expert, the use of GPS or voice assistant to suggest advertisements from commercial partners on the panel violates article 6 of the LGPD.

In addition, continuous monitoring exposes extremely sensitive driver habits. "Continuous geolocation reveals life patterns: where a person sleeps, where they work, where their children study, whether they attend churches or specific medical clinics. This crossed data can indirectly reveal health or religious information", points out the lawyer.

Undue monetization of this information can result in lawsuits based on the Consumer Protection Code (CDC) and ANPD fines of up to R$50 million per infraction.

Who is to blame in the event of a hacker attack?

With vehicles increasingly integrated into the cloud, often with servers located abroad, in China, the USA or Europe, cyber vulnerability becomes a frequent concern for consumers. If an automaker's system is hacked and customers' route history becomes public, Brazilian legislation provides for a consumer protection mechanism.

Albuquerque clarifies that the LGPD adopts joint and several liability (article 42) between the automaker and the developers of embedded software, such as Google or Apple.

"For the injured driver, the most effective strategy would be to sue the automaker and the technology company jointly. The automaker will hardly be able to exempt itself, as it is the one who chose the technological partner and who is responsible for the safety of the system as a whole", he states. The dealership that sold the physical product, as a rule, remains outside this digital chain of responsibility.

The sale of a pre-owned vehicle
One of the biggest safety bottlenecks in the current market occurs when a used vehicle is resold.

If the previous owner does not formally revoke digital access and unlink their account from the chassis, they maintain virtual access to the new buyer's data.

On specific models, such as Tesla ecosystems, the cell phone app allows:

-
Track the exact location of the car in real time;

-
Lock and unlock doors remotely;

-
View complete travel history;

-
Access the internal camera feed and listen to cabin audio from a distance.

The expert warns that failure to disconnect can constitute serious crimes. "This constitutes unauthorized access to personal data, unauthorized monitoring (which could be classified as digital stalking under the Penal Code) and improper access to a computer system."

The "limbo" of data deletion channels
Although article 18 of the LGPD guarantees citizens the right to demand the definitive deletion of their data, facial biometrics and voice history from corporate databases within 15 days, the Brazilian automotive market is still struggling in the practical implementation of this right.

Most brands operating in the country do not have dedicated channels for this purpose. The consumer is often pushed towards generic SACs or instructed to go in person to a dealership, whose employees do not have any access or management over the automaker's central servers.

The absence of a clear and accessible channel with the Data Officer (DPO) remains the main challenge for consumers who want to regain control of their privacy on four wheels.

Cars with autopilot: what is the technology and how to use it?

Source: CNN